September 28, 2017 by

Sonic Drive-In Breach Could See Info of Millions of Credit, Debit Cards Stolen

Drive-in restaurant chain Sonic is the latest major company to be the target of a significant data breach.

Fast-food chain Sonic Drive-In, with nearly 3,600 locations in 45 U.S. states has admitted to a data breach affecting a yet-unknown number of payment systems. According to Krebson Security, the data breach could have possibly led to a major sale of millions of stolen credit and debit card details on underground cybercrime forums.

The company has said it is unclear as to just how many restaurants or customers may have been impacted.

A statement from Sonic reads:

We are working to understand the nature and scope of this issue. While law enforcement limits the information we can share, we will communicate additional information as we are able.

In his blog, Brian Krebs revealed he first picked up patterns of a major breach after a pattern of fraudulent transactions on cards previously used at Sonic restaurants. Krebs then cross-referenced a new batch of some five million credit and debit card accounts put up for sale on a underground forum, with banking sources who confirmed they were recently used at Sonic locations.

Upon contacting Sonic, the company soon responded that it was investigating a “potential incident” at store locations.

In responding to Krebs’ security blog, Sonic stated:

Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC… We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.

The hackers are likely to have gained remote access to point-of-sale card machines at Sonic store locations. The incident sees parallels with another major credit breach at fast-food chain Wendy’s. Wendy was having a particularly hard time in fixing the situation as the majority of the breached locations were independently-owned franchises rather than corporate-owned outlets.

‘The Wendy’s breach was extremely costly for card-issuing banks and credit unions, which were forced to continuously re-issue customer cards that kept getting re-compromised every time their customers went back to eat at another Wendy’s,” Krebs explained.

Indeed, some 90% of Sonic locations in the country are also franchised, which leaves room the possibility of another fiasco.

Image credit: Flickr.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of...

Read more arrow_forward

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward

Equifax Data Breach Exposes 143 Million Users’ Data to Identity Theft

Major credit reporting firm Equifax has confirmed a data breach that affects a staggering 143...

Read more arrow_forward